Business Continuity: Too Important To Ignore

12

Nov

Written by Steve Ross, 12 November 2015

Despite numerous high profile incidents, research shows that small businesses are ignoring the importance of business continuity... but why?

We spend plenty of time sermonising business continuity to our clients, but there's an inherent danger in preaching to the choir. Research by recovery specialists, Databarracks, has revealed that, when it comes to putting a plan in place to deal with disaster recovery, the majority of SMEs are ignoring or overlooking the risks...

The study showed that only 27% of small businesses had a business continuity plan compared to 68% of medium-sized organisations and 75% of large organisations. Making matters worse, of those small businesses that did have a BCP, 73% hadn't checked it within the last 12 months and didn't have plans to do so within the next year.

Perception Vs Reality

Small businesses may choose to ignore a BCP for a number of reasons but a misplaced perception of what the process involves may well be contributing to the trend...

Time

Perception: Formulating a BCP inevitably requires time diverted from business services and prevents employees from working. The plan will require further time-consuming revisions as the security landscape evolves.

Reality: Ultimately, the time taken to devise an up-to-date BCP will actually deliver business benefits. A BCP inspires confidence in employees and clients, and could make an important difference to recovery-time when disaster strikes. Updates to your BCP will become more efficient as you become more familiar with it.

Reality: Back-up and cyber-security technology has become widely available, meaning BCPs can be implemented at less cost to small businesses. It's also worth weighing the on-going financial damages of a potential disaster against the cost of a BCP.

Space

Perception: Backing-up data to protect it from threats means allocating valuable storage space. Buying additional hardware or server space not only incurs further costs but often involves physically making room on your premises.

Reality: Cloud computing represents an affordable, flexible way to export computing processes and store data off-site if space is an issue. Hybrid cloud-solutions are also available which combine virtual with on-site storage to suit a variety of security requirements and budgets.

"It Won't Happen To Me..."

Perhaps the most worrying reason for small businesses to ignore continuity planning is the perception they face a reduced risk. It's easy to feel that incidents we read about in the media occur only to huge corporations, but the "won't happen to me"-factor is dangerous...

Disaster: Lightning recently caused serious data-loss at a Google server centre, an event that would likely have decimated a small business. Natural disasters - not least fire and flood - don't discriminate in terms of a business' size.

Error: Human threats remain a concern. Even if a hacker isn't targeting your network, employees can and do make mistakes - in fact Databarracks' study revealed human error as the leading cause of data loss.

Malware: Phishing scams are ubiquitous. The accidental introduction of viruses and malware could have a devastating impact on SMEs, which often don't have dedicated IT staff available to respond.

Delay: The longer you wait to establish a BCP, the more out of touch your organisation becomes to the evolving risk-landscape, increasing the damage-potential of a future threat.

In 2015, questions like "Can I afford a BCP?" and "Should I get one?" have been answered - with a resounding "Yes". As a small business, you now have the luxury of choosing how to protect yourself, your employees and your clients... The longer you wait, the greater the risks become.

Are you ignoring the need to protect your business in the event of disaster? Do you need help putting a continuity plan in place? Share your thoughts with us here...